CVE-2024-2841
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-2841 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Otter Blocks plugin, used as a page builder for the Gutenberg Editor and FSE in WordPress. This issue, present in all versions up to 2.6.5, allows authenticated attackers with contributor-level access and above to inject malicious scripts into widgets. These scripts are executed whenever a user accesses a page with the injected widget, potentially leading to data theft or unintended functionality. The root cause stems from insufficient input sanitization and output escaping on user-supplied 'id' attributes.
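The root cause described above, shown as an added example that is not code from the Otter Blocks plugin: a hypothetical render function writes a stored 'id' attribute into markup unescaped, next to a version that sanitizes on input and escapes on output. All function names and the sample value are constructed, and plain PHP functions stand in for WordPress's sanitize_html_class() and esc_attr().

```php
<?php
// Added illustration only. Function names are hypothetical, not the plugin's.

// Vulnerable pattern: the stored 'id' value is concatenated into the
// attribute as-is, so a double quote in it ends the attribute early and
// the rest of the value is parsed as new markup.
function render_widget_unsafe(array $attrs): string {
    $id = is_string($attrs['id'] ?? null) ? $attrs['id'] : '';
    return '<div id="' . $id . '" class="widget"></div>';
}

// Input sanitization: keep only an allow-list of characters for an id.
// (In WordPress, sanitize_html_class() applies a similar allow-list.)
function sanitize_widget_id(string $raw): string {
    $clean = (string) preg_replace('/[^A-Za-z0-9_-]/', '', $raw);
    // Fall back to a constant id if nothing valid remains.
    return $clean === '' ? 'widget' : $clean;
}

// Output escaping: encode for the HTML attribute context at render time,
// even though the value was already sanitized (defence in depth).
// (In WordPress, esc_attr() is the function for this context.)
function render_widget_safe(array $attrs): string {
    $raw = is_string($attrs['id'] ?? null) ? $attrs['id'] : '';
    $id  = htmlspecialchars(sanitize_widget_id($raw), ENT_QUOTES, 'UTF-8');
    return '<div id="' . $id . '" class="widget"></div>';
}

// Constructed sample: a saved attribute whose value contains a double quote.
$stored = ['id' => 'box-1" data-injected="1'];

// Unsafe output gains an extra attribute that the author of the markup
// never wrote; safe output keeps a single, well-formed id attribute.
echo render_widget_unsafe($stored), PHP_EOL;
echo render_widget_safe($stored), PHP_EOL;
```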